- fixed host-host tunnel traffic selection, host-host works now

src/charon/config/traffic_selector.c

@@ -24,6 +24,7 @@
 
 #include <utils/linked_list.h>
 #include <utils/identification.h>
+#include <utils/logger_manager.h>
 #include <arpa/inet.h>
 #include <string.h>
 
@@ -72,6 +73,11 @@ struct private_traffic_selector_t {
 	 * end of port range 
 	 */
 	u_int16_t to_port;
+	
+	/**
+	 * Logger reference
+	 */
+	logger_t *logger;
 };
 
 /**
@@ -92,12 +98,18 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
 		u_int16_t from_port, to_port;
 		private_traffic_selector_t *new_ts;
 		
+		/* TODO: make output more human readable */
+		this->logger->log(this->logger, CONTROL|LEVEL2,
+						  "matching traffic selector ranges %x:%d-%x:%d <=> %x:%d-%x:%d",
+						  this->from_addr_ipv4, this->from_port, this->to_addr_ipv4, this->to_port,
+						  other->from_addr_ipv4, other->from_port, other->to_addr_ipv4, other->to_port);
 		/* calculate the maximum address range allowed for both */
 		from_addr = max(this->from_addr_ipv4, other->from_addr_ipv4);
 		to_addr = min(this->to_addr_ipv4, other->to_addr_ipv4);
 		if (from_addr > to_addr)
 		{
-			/* no match */
+			this->logger->log(this->logger, CONTROL|LEVEL2,
+							  "no match in address range");
 			return NULL;	
 		}
 		
@@ -106,7 +118,8 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
 		to_port = min(this->to_port, other->to_port);
 		if (from_port > to_port)
 		{
-			/* no match */
+			this->logger->log(this->logger, CONTROL|LEVEL2,
+							  "no match in port range");
 			return NULL;	
 		}
 		
@@ -115,6 +128,10 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
 		new_ts->from_addr_ipv4 = from_addr;
 		new_ts->to_addr_ipv4 = to_addr;
 		new_ts->type = TS_IPV4_ADDR_RANGE;
+		
+		this->logger->log(this->logger, CONTROL|LEVEL2,
+						  "got a match: %x:%d-%x:%d",
+						  new_ts->from_addr_ipv4, new_ts->from_port, new_ts->to_addr_ipv4, new_ts->to_port);
 		return &(new_ts->public);
 	}
 	return NULL;
@@ -256,7 +273,7 @@ static void update_address_range(private_traffic_selector_t *this, host_t *host)
 /**
  * Implements traffic_selector_t.clone.
  */
-static traffic_selector_t *clone(private_traffic_selector_t *this)
+static traffic_selector_t *clone_(private_traffic_selector_t *this)
 {
 	private_traffic_selector_t *clone = traffic_selector_create(this->protocol, this->type, this->from_port, this->to_port);
 	clone->type = this->type;
@@ -335,8 +352,8 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t ne
 			this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr));
 			if (this->from_addr_ipv4 == 0)
 			{
-				/* use /32 for 0.0.0.0 */
-				this->to_addr_ipv4 = 0xFFFFFF;
+				/* use /0 for 0.0.0.0 */
+				this->to_addr_ipv4 = ~0;
 			}
 			else
 			{
@@ -413,13 +430,14 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
 	this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
 	this->public.get_netmask = (u_int8_t(*)(traffic_selector_t*))get_netmask;
 	this->public.update_address_range = (void(*)(traffic_selector_t*,host_t*))update_address_range;
-	this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone;
+	this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
 	this->public.destroy = (void(*)(traffic_selector_t*))destroy;
 	
 	this->from_port = from_port;
 	this->to_port = to_port;
 	this->protocol = protocol;
 	this->type = type;
+	this->logger = logger_manager->get_logger(logger_manager, CONFIG);
 	
 	return this;
 }

src/charon/sa/states/ike_auth_requested.c

@@ -318,7 +318,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i
 	{
 		this->logger->log(this->logger, CONTROL, "No CHILD_SA requested, no CHILD_SA built");
 	}
-	if (!this->proposal)
+	else if (!this->proposal)
 	{
 		this->logger->log(this->logger, CONTROL, "Proposal negotiation failed, no CHILD_SA built");
 		this->child_sa->destroy(this->child_sa);

src/charon/sa/states/ike_sa_init_requested.c

@@ -225,7 +225,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 	u_int64_t responder_spi;
 	ike_sa_id_t *ike_sa_id;
 	iterator_t *payloads;
-	host_t *me;
+	host_t *me, *other;
 	connection_t *connection;
 	policy_t *policy;
 
@@ -357,9 +357,12 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 	/* apply the address on wich we really received the packet */
 	connection = this->ike_sa->get_connection(this->ike_sa);
 	me = ike_sa_init_reply->get_destination(ike_sa_init_reply);
+	other = ike_sa_init_reply->get_source(ike_sa_init_reply);
 	connection->update_my_host(connection, me->clone(me));
+	connection->update_other_host(connection, other->clone(other));
 	policy = this->ike_sa->get_policy(this->ike_sa);
 	policy->update_my_ts(policy, me);
+	policy->update_other_ts(policy, other);
 	
 	/*  build empty message */
 	this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request);

src/charon/sa/states/ike_sa_init_responded.c

@@ -411,6 +411,7 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
 	my_id = this->policy->get_my_id(this->policy);
 	
 	/* update others traffic selectors with actually used address */
+	this->policy->update_my_ts(this->policy, response->get_source(response));
 	this->policy->update_other_ts(this->policy, response->get_destination(response));
 	
 	/* set policy in ike_sa for other states */